Hackers attack messengers using QR codes and steal confidential data and money

Since the beginning of 2024, there has been a surge in phishing attacks using QR codes targeting Russians on social media and messaging platforms, as reported by Alexey Korobchenko, the head of the information security department at Security Code company, to Gazeta.Ru.

QR codes are currently being utilized in various fraudulent attack schemes. One of the most common involves redirecting individuals to malicious websites. Attackers distribute advertising materials to victims containing QR codes, leading them to phishing resources. If personal information is entered on such a site, hackers gain access to the user's confidential data, including control over their accounts.

"Another typical vector for phishing attacks is malicious files sent as attachments or through links. These files may mimic important documents from regulators, urgent updates, or installation files, such as for joining a video conferencing meeting. In our case, attackers conceal these important documents within QR codes to circumvent email security measures," explained the expert.

Additionally, according to Korobchenko, scammers actively exploit the increasing popularity of making payments via QR codes. In doing so, they manipulate the data within the code, such as the user's credentials, to divert funds to their own accounts.

The expert further noted that, to steal messenger accounts, attackers often resort to social engineering, coercing users to scan malicious QR codes through platforms like Telegram, WhatsApp, or Discord. These services use QR codes for session authentication, so if a user scans a malicious QR code, fraudsters can gain access to their accounts, personal data, and conversations.